I try to reverse proxy all the incoming email traffic to a
mailcow-dockerized solution in my debian server via haproxy:
The haproxy.cfg
configuration is:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontnend smtp
bind *:25
default_backend smtp_public
frontend submission
bind *:587
default_backend smtp_submission
frontend smtp_ssl
bind *:449
default_backend smtp_ssl
frontend pop3
bind *:995
default_backend pop3_
frontend imap
bind *:993
default_backend imap
backend smtp_public
mode tcp
option tcplog
server docker 127.0.0.1:2525 check
backend smtp_ssl
mode tcp
option tcplog
server docker 127.0.0.1:2465
backend smtp_submission
mode tcp
option tcplog
server docker 127.0.0.1:2587
backend pop3_
mode tcp
option tcplog
server docker 127.0.0.1:2995
backend imap
mode tcp
option tcplog
server docker 127.0.0.1:2993
And the images running are:
ec79939443d4 mailcow/acme:1.3 "/srv/docker-entry..." 46 hours ago Up 46 hours
29c295d44767 mailcow/rspamd:1.1 "/docker-entrypoin..." 46 hours ago Up 46 hours
2d09fd009c39 nginx:mainline-alpine "/bin/sh -c 'envsu..." 46 hours ago Up 46 hours (healthy) 80/tcp, 0.0.0.0:8080->8080/tcp
a00d9477c464 mailcow/fail2ban:1.0 "python2 -u /logwa..." 46 hours ago Up 46 hours
6fdf54789459 mailcow/phpfpm:1.0 "/docker-entrypoin..." 46 hours ago Up 46 hours 9000/tcp
091d621123aa mailcow/sogo:1.0 "/bin/sh -c 'exec ..." 46 hours ago Up 46 hours
1028c60923a0 redis:alpine "docker-entrypoint..." 46 hours ago Up 46 hours 6379/tcp
827c20cee898 mailcow/dovecot:1.0 "/docker-entrypoin..." 46 hours ago Up 46 hours 24/tcp, 10001/tcp, 0.0.0.0:2110->110/tcp, 0.0.
76a977a8064e mailcow/postfix:1.0 "/bin/sh -c 'exec ..." 46 hours ago Up 46 hours 588/tcp, 0.0.0.0:2525->25/tcp, 0.0.0.0:2465->4
2299076f475f memcached:alpine "docker-entrypoint..." 46 hours ago Up 46 hours 11211/tcp
03b56dcc1563 mailcow/unbound:1.0 "/docker-entrypoin..." 46 hours ago Up 46 hours (healthy) 53/tcp, 53/udp
21f5a3673f3f mariadb:10.1 "docker-entrypoint..." 46 hours ago Up 46 hours (healthy) 3306/tcp
e2af96428a94 robbertkl/ipv6nat "/docker-ipv6nat -..." 46 hours ago Up 46 hours
97fcf9ad82ad mailcow/clamd:1.0 "/bootstrap.sh" 46 hours ago Up 46 hours 3310/tcp
But I get the following error:
Ιούλ 04 17:28:51 DockerMailserver haproxy[58310]: [ALERT] 184/172851 (58310) : Unable to use proxy 'imap' with wrong mode, required: http, has: tcp.
Ιούλ 04 17:28:51 DockerMailserver haproxy[58310]: [ALERT] 184/172851 (58310) : You may want to use 'mode http'.
Ιούλ 04 17:28:51 DockerMailserver haproxy[58310]: [ALERT] 184/172851 (58310) : Proxy 'imap': unable to find required default_backend: 'imap'.
Ιούλ 04 17:28:51 DockerMailserver haproxy[58310]: [ALERT] 184/172851 (58310) : Fatal errors found in configuration.
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: haproxy.service holdoff time over, scheduling restart.
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: Stopping HAProxy Load Balancer...
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: Starting HAProxy Load Balancer...
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: haproxy.service start request repeated too quickly, refusing to start.
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: Failed to start HAProxy Load Balancer.
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: Unit haproxy.service entered failed state.
Do you fellows have an idea how to fix the error?
Best Answer
According to the docs,
mode
can be set on all sections (backend
,frontend
,defaults
,listen
). You have adefaults
sectionmode http
. Could this be applying to thefrontend
sections that don't have mode specified?Try specifying
mode tcp
for the frontends that are using backends withmode tcp
.